Optional Auth login nonce to differentiate same-username logins

Optional Auth login nonce to differentiate same-username logins

If multiple login attempts are made using the same username within a
very short period of time, a race condition exists where, upon
completion of the first login, the auth init cache data for any pending
logins are removed, since there can only be one instance of cached init
data per username.

This adds support for allowing the caller to pass in a random string
which is added to the cache key as a way to differentiate between logins
using the same username.

The seed is passed into auth init as an optional secondary parameter
and passed again (via the "nonce" argument) to auth complete to ensure
consistent cache keys across both interactions.

Example:

my $nonce = rand($$);

my $seed = request(
    'open-ils.auth',
    'open-ils.auth.authenticate.init', $username, $nonce );

my $response = request(
    'open-ils.auth',
    'open-ils.auth.authenticate.complete',
    {
        username => $username,
        password => md5_hex($seed . md5_hex($password)),
        type     => 'opac',
        nonce    => $nonce
    }
);

Signed-off-by: Bill Erickson <berick@esilibrary.com>